CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-28231 - Itel Electronics IP Stream Remote Command Execution Vulnerability

CVE ID : CVE-2025-28231
Published : April 18, 2025, 6:15 p.m. | 2 hours, 40 minutes ago
Description : Incorrect access control in Itel Electronics IP Stream v1.7.0.6 allows unauthorized attackers to execute arbitrary commands with Administrator privileges.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-28233 - BW Broadcast TX600/150/1000/30/50 Authentication Bypass Vulnerability

CVE ID : CVE-2025-28233
Published : April 18, 2025, 6:15 p.m. | 2 hours, 40 minutes ago
Description : Incorrect access control in BW Broadcast TX600 (14980), TX300 (32990) (31448), TX150, TX1000, TX30, and TX50 Hardware Version: 2, Software Version: 1.6.0, Control Version: 1.0, AIO Firmware Version: 1.7 allows attackers to access log files and extract session identifiers to execute a session hijacking attack.
Severity: 0.0 | NA
CVE-2025-28235 - Soundcraft Ui Series Information Disclosure

CVE ID : CVE-2025-28235
Published : April 18, 2025, 6:15 p.m. | 2 hours, 40 minutes ago
Description : An information disclosure vulnerability in the component /socket.io/1/websocket/ of Soundcraft Ui Series Model(s) Ui12 and Ui16 Firmware v1.0.7x and v1.0.5x allows attackers to access Administrator credentials in plaintext.
Severity: 0.0 | NA
CVE-2025-28236 - Nautel VX Series Transmitters Remote Code Execution Vulnerability

CVE ID : CVE-2025-28236
Published : April 18, 2025, 6:15 p.m. | 2 hours, 40 minutes ago
Description : Nautel VX Series transmitters VX SW v6.4.0 and below were discovered to contain a remote code execution (RCE) vulnerability in the firmware update process. This vulnerability allows attackers to execute arbitrary code by supplying a crafted update package to the /#/software/upgrades endpoint.
Severity: 0.0 | NA
CVE-2025-28237 - WorldCast Systems ECRESO FM/DAB/TV Transmitter Privilege Escalation Vulnerability

CVE ID : CVE-2025-28237
Published : April 18, 2025, 6:15 p.m. | 2 hours, 40 minutes ago
Description : An issue in WorldCast Systems ECRESO FM/DAB/TV Transmitter v1.10.1 allows authenticated attackers to escalate privileges via a crafted JSON payload.
Severity: 0.0 | NA
CVE-2025-28238 - Elber REBLE310 Session Hijacking Vulnerability

CVE ID : CVE-2025-28238
Published : April 18, 2025, 6:15 p.m. | 2 hours, 40 minutes ago
Description : Improper session management in Elber REBLE310 Firmware v5.5.1.R, Equipment Model: REBLE310/RX10/4ASI allows attackers to execute a session hijacking attack.
Severity: 0.0 | NA
CVE-2025-28242 - DAEnetIP4 METO Session Hijacking Vulnerability

CVE ID : CVE-2025-28242
Published : April 18, 2025, 6:15 p.m. | 2 hours, 40 minutes ago
Description : Improper session management in the /login_ok.htm endpoint of DAEnetIP4 METO v1.25 allows attackers to execute a session hijacking attack.
Severity: 0.0 | NA
CVE-2025-29512 - NodeBB Cross-Site Scripting (XSS)

CVE ID : CVE-2025-29512
Published : April 18, 2025, 6:15 p.m. | 2 hours, 40 minutes ago
Description : Cross-Site Scripting (XSS) vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code and potentially render the blacklist IP functionality unusable until content is removed via the database.
Severity: 6.1 | MEDIUM
CVE-2025-29513 - NodeBB XSS Stored

CVE ID : CVE-2025-29513
Published : April 18, 2025, 6:15 p.m. | 2 hours, 40 minutes ago
Description : Cross-Site Scripting (XSS) vulnerability in NodeBB v4.0.4 and before allows remote attackers to store arbitrary code in the admin API Access token generator.
Severity: 6.1 | MEDIUM
CVE-2025-24914 - Nessus Windows Unsecured Directory Permissions Vulnerability

CVE ID : CVE-2025-24914
Published : April 18, 2025, 7:15 p.m. | 1 hour, 40 minutes ago
Description : When installing Nessus to a non-default location on a Windows host, Nessus versions prior to 10.8.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location.
Severity: 7.8 | HIGH
CVE-2025-28355 - Volmarg Personal Management System CSRF Attack

CVE ID : CVE-2025-28355
Published : April 18, 2025, 7:15 p.m. | 1 hour, 40 minutes ago
Description : Volmarg Personal Management System 1.4.65 is vulnerable to Cross Site Request Forgery (CSRF), allowing attackers to execute arbitrary code and obtain sensitive information via the SameSite cookie attribute's default value being set to none.
Severity: 4.7 | MEDIUM
CVE-2024-57493 - RedoxOS Relibc Denial of Service Vulnerability

CVE ID : CVE-2024-57493
Published : April 18, 2025, 8:15 p.m. | 41 minutes ago
Description : An issue in redoxOS relibc before commit 98aa4ea5 allows a local attacker to cause a denial of service via the setsockopt function.
Severity: 0.0 | NA
CVE-2025-25983 - Macro-video Technologies Co.,Ltd V380 Pro Android Information Disclosure

CVE ID : CVE-2025-25983
Published : April 18, 2025, 8:15 p.m. | 41 minutes ago
Description : An issue in Macro-video Technologies Co.,Ltd V380 Pro Android application 2.1.44 and V380 Pro Android application 2.1.64 allows an attacker to obtain sensitive information via the QR code based sharing component.
Severity: 0.0 | NA
CVE-2025-25984 - Macro-video Technologies Co.,Ltd V380E6_C1 IP Camera UART Code Execution Vulnerability

CVE ID : CVE-2025-25984
Published : April 18, 2025, 8:15 p.m. | 41 minutes ago
Description : An issue in Macro-video Technologies Co.,Ltd V380E6_C1 IP camera (Hw_HsAKPIQp_WF_XHR) 1020302 allows a physically proximate attacker to execute arbitrary code via the UART component.
Severity: 0.0 | NA
CVE-2025-25985 - Macro-video Technologies Co.,Ltd V380E6_C1 IP Camera Physical Code Execution Vulnerability

CVE ID : CVE-2025-25985
Published : April 18, 2025, 8:15 p.m. | 41 minutes ago
Description : An issue in Macro-video Technologies Co.,Ltd V380E6_C1 IP camera (Hw_HsAKPIQp_WF_XHR) 1020302 allows a physically proximate attacker to execute arbitrary code via the /mnt/mtd/mvconf/wifi.ini and /mnt/mtd/mvconf/user_info.ini components.
Severity: 0.0 | NA
CVE-2025-28197 - Crawl4AI SSRF

CVE ID : CVE-2025-28197
Published : April 18, 2025, 8:15 p.m. | 41 minutes ago
Description : Crawl4AI <=0.4.247 is vulnerable to SSRF in /crawl4ai/async_dispatcher.py.
Severity: 0.0 | NA
CVE-2025-32377 - Rasa Pro Unauthenticated Voice Data Injection Vulnerability

CVE ID : CVE-2025-32377
Published : April 18, 2025, 8:15 p.m. | 41 minutes ago
Description : Rasa Pro is a framework for building scalable, dynamic conversational AI assistants that integrate large language models (LLMs). A vulnerability has been identified in Rasa Pro where voice connectors in Rasa Pro do not properly implement authentication even when a token is configured in the credentials.yml file. This could allow an attacker to submit voice data to the Rasa Pro assistant from an unauthenticated source. This issue has been patched for audiocodes, audiocodes_stream, and genesys connectors in versions 3.9.20, 3.10.19, 3.11.7 and 3.12.6.
Severity: 6.5 | MEDIUM
CVE-2025-36625 - Nessus HTTP Request Manipulation Information Disclosure

CVE ID : CVE-2025-36625
Published : April 18, 2025, 8:15 p.m. | 41 minutes ago
Description : In Nessus versions prior to 10.8.4, a non-authenticated attacker could alter Nessus logging entries by manipulating HTTP requests to the application.
Severity: 4.3 | MEDIUM
CVE-2025-3795 - DaiCuo SEO Optimization Settings Section Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-3795
Published : April 18, 2025, 8:15 p.m. | 41 minutes ago
Description : A vulnerability was found in DaiCuo 1.3.13. It has been rated as problematic. Affected by this issue is some unknown functionality of the component SEO Optimization Settings Section. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.4 | LOW
CVE-2024-53591 - Seclore Brute Force Authentication Bypass

CVE ID : CVE-2024-53591
Published : April 18, 2025, 9:15 p.m. | 3 hours, 44 minutes ago
Description : An issue in the login page of Seclore v3.27.5.0 allows attackers to bypass authentication via a brute force attack.
Severity: 0.0 | NA
CVE-2025-29058 - Qimou CMS Remote Code Execution Vulnerability

CVE ID : CVE-2025-29058
Published : April 18, 2025, 9:15 p.m. | 3 hours, 44 minutes ago
Description : An issue in Qimou CMS v.3.34.0 allows a remote attacker to execute arbitrary code via the upgrade.php component.
Severity: 0.0 | NA